nndocs:initial
                Differences
This shows you the differences between two versions of the page.
| nndocs:initial [2023/05/05 18:44] – [Options] kernel compile requires libelf-dev now naptastic | nndocs:initial [2024/12/05 18:16] (current) – stub out thing naptastic | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ===== Naptastic Network Playbook ===== | ===== Naptastic Network Playbook ===== | ||
| - | + | ====Partition drives==== | |
| - | == Pre-install  | + | |
| Partitioning: | Partitioning: | ||
| - | Preseed could not do everything I needed, and stopped working, so I am no longer pursuing it as a technology. I just use the network installer and build from there. | + | Add / | 
| - | ==== All systems ==== | + | |
| - | * network interface names. Can I automate this? (Of course I can.) | + | |
| - | * Profile stuff: Bash, Vim, ? Can I automate this? (Of course I can.) | + | |
| - | * Network stuff. Too much goddamn customization. | + | |
| - | * disable journald; configure logging for everything. | + | |
| - | * Make a list of things that need to log | + | |
| - | * How exactly do I want logging set up? | + | |
| - | === All systems with Mellanox adapters  | + | ====Move ~ to a BTRFS subvolume==== | 
| - | * mst* installer | + | Separate snapshotting the OS from snapshotting your files. | 
| - | * copy production opensm configuration in case you have take over as SM | + | |
| - | * (what needs to change here for VMs using virtual functions?) | + | |
| - | If your host is going to do audio stuff, follow the LAD playbook. Which also badly need an update. | + | ====SSH key for root==== | 
| + | mkdir /root/.ssh | ||
| + | chmod 700 /root/.ssh | ||
| + |   curl https:// | ||
| - | If your host is going to host web stuff, follow the LAMP playbook but keep in mind it's badly out-of-date. Be prepared to search, read docs, look for a better way. | + | ====Reconfigure SSH==== | 
| - | ===== Getting Started ===== | + | Configure ssh for a high-numbered port, and not to allow password-based logins. Restart sshd. Verify that 'ssh root@localhost' | 
| - | Perform a network install of Debian. | + | ====Backups==== | 
| + | Create / | ||
| - | run the naptastic installer if it didn't run as part of the installer: | + |   # / was on / | 
| + |   UUID=some-long-string /                | ||
| + |   UUID=some-long-string / | ||
| - | curl https://naptastic.com/initial.sh | /bin/bash | + | ====Install Shorewall==== | 
| + |   * customize interfaces, rules, policy...? | ||
| + | * /etc/default/shorewall | ||
| + |   * /etc/shorewall/ | ||
| + | * systemctl enable | ||
| + | * reboot a bunch of times because it's not passing traffic for no reason | ||
| - |   # This is not necessary unless  | + | ====Pick  | 
| - |    | + | If the repo is installed or mounted locally: | 
| - | chmod 700 /root/.ssh | + |    | 
| - |    | + |    | 
| - | Configure ssh for a high-numbered port, and not to allow password-based logins. Restart sshd. Verify that 'ssh root@localhost' | + | If you have to get it via HTTP: | 
| + |   deb http:// | ||
| + |   deb-src http:// | ||
| - | == Check out /etc == | + | If you have to use public mirrors (RIP): | 
| + |   deb http:// | ||
| + |   deb-src http:// | ||
| - | (You forwarded your agent, right?) | + | ====Remove crap==== | 
| + | apt -y remove update-notifier pulseaudio-module-bluetooth bluez blueman bluez-cups bluez-obexd modemmanager rtkit | ||
| - |     git clone git@github.com: | + | ====Install extra packages==== | 
| - |      | + | (This is set up so you can triple-click each block you need, copy/paste or middle-paste into your terminal, then press enter at the end and install everything in one transaction.) | 
| - | cd /etc | + | |
| - | git status | + | |
| - | and see where you stand. | + | apt -y install curl vim whois | 
| - | Remember: We play with live ammo. Don't `git rm` something unless you're on a host-specific branch. | + | Hardware hosts add: | 
| + |     | ||
| - | == Networking == | + | Desktops: | 
| + |     | ||
| - |    | + | Audio workstations: | 
| + |     | ||
| - | check / | + | If you plan to compile your own kernel: | 
| + | bison flex libssl-dev ncurses-dev libelf-dev | ||
| - | The answer, somehow, is Netplan; I just don't like that answer much. The answer should be to //remove// layers of complexity, not add them. Just name my devices eth0 and eth1, dammit, or give me control over the naming. | + | ====Networking==== | 
| + | ===Device Names=== | ||
| + |   ln -s /dev/null /etc/systemd/ | ||
| - | Some of my systems are using ifupdown, and some I'm not sure how they work, and some don't work right. Linux networking  | + | Here is what a link file looks like for an Ethernet device: | 
| + |   $ cat / | ||
| + | # | ||
| + | # Remember to `update-initramfs -u` after changing this file! | ||
| + | # | ||
| + | [Match] | ||
| + |   MACAddress=b4: | ||
|    |    | ||
| - | == Disable TTY screen blanking (Only necessary on Debian Jessie and older) == | + | [Link] | 
| + | Name=emo0 | ||
| + | MTUBytes=9000 | ||
| - | Add this to ''/ | + | * emoX for ports on the motherboard | 
| + | * enX for (multi-)gigabit stand-up cards | ||
| + | * ibX for InfiniBand IPoIB devices (these do not need .link files though) | ||
| + | * mlxX for Mellanox devices in Ethernet mode | ||
| - |   sh -c ' | + | ===Port Conventions=== | 
| + | X is 0-indexed. Port 0 on a stand-up card is the farthest from the motherboard. On a motherboard, | ||
| - | ===== Options ===== | + | ===InfiniBand=== | 
| + | * [[infiniband]] | ||
| + | * mst* installer | ||
| + | * copy production opensm configuration in case you have take over as SM | ||
| + | * (what needs to change here for VMs using virtual functions?) | ||
| - | maybe you feel like it, maybe you don' | + | Comment out svcrdma in / | 
| - | == For all systems  | + | ===Ethernet configuration=== | 
| + | Is a total mess right now. I don't know what I'm doing or how I want to do it. | ||
| - | apt -y remove update-notifier pulseaudio-module-bluetooth bluez blueman bluez-cups bluez-obexd modemmanager rtkit | + | ====Hugepages==== | 
| + | Useful for databases, PHP, Factorio, and probably other things! Add something like this to / | ||
| - | == For hardware boxes == | + | vm.nr_hugepages=512 | 
| - | apt -y install smartmontools qemu-kvm gparted | + | To make a non-persistent change, | 
| - | == If you are using a graphical desktop environment == | + | sysctl -w vm.nr_hugepages=512 | 
| - | (this needs an update: not sure about fonts packages. Also some network-manager-*-gnome packages might be useful depending on what kind of networking  | + | Make sure your locked memory limit is equal to or greater than the amount  | 
| - | apt -y install hexchat synaptic terminator fonts-lohit-knda fonts-knda keepassx evolution virt-manager network-manager-gnome | + | ====Shell profile==== | 
| + | * Profile stuff: Bash, Vim, ? Can I automate this? (Of course I can.) | ||
| - | == If you plan to do audio work == | + | ====Logging==== | 
| + | * disable journald; configure logging for everything. | ||
| + | * Make a list of things that need to log | ||
| - | apt -y install qjackctl alsa-tools-gui eq10q jalv jamin lilv-utils | + | ====Email==== | 
| + | lol, not yet | ||
| + | |||
| + | ====Disable TTY screen blanking==== | ||
| + | I don't know when this is necessary anymore. Add this to ''/ | ||
| + | |||
| + |   sh -c ' | ||
| + | |||
| + | ====Audio workstations==== | ||
|   cat >> / |   cat >> / | ||
| default-sample-format = s24le | default-sample-format = s24le | ||
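Review bot: The new "Reconfigure SSH" step names no sshd_config directives and puts "Restart sshd" ahead of any validation, so a typo in the config is only discovered after the daemon has been restarted. Suggest spelling out the settings the sentence implies (Port, `PasswordAuthentication no`, `PermitRootLogin prohibit-password`), adding `sshd -t` before the restart, and noting that the current session should stay open until a key-only login on the new port has succeeded. In "SSH key for root", the visible lines set mode 700 on /root/.ssh but show no fingerprint check or file-mode step for whatever the curl line fetches; since that material ends up granting root logins, the step should say how it is verified.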
| Line 91: | Line 130: | ||
| ^D | ^D | ||
| - | == If you plan to compile your own kernel == | + | More on [[lad]]. | 
| - | + | ||
| - | apt -y install bison flex libssl-dev ncurses-dev libelf-dev | + | |
nndocs/initial.1683312272.txt.gz · Last modified: 2023/05/05 18:44 by naptastic
                
                